Re: __unused

2006-11-08 Thread Jeroen Dekkers 
At Fri, 03 Nov 2006 14:45:52 -0600,
Hollis Blanchard wrote:
> 
> On Wed, 2006-11-01 at 13:48 +0100, Johan Rydberg wrote:
> > Hollis Blanchard <[EMAIL PROTECTED]> writes:
> > 
> > > --- grub2-cvs.orig/include/grub/types.h   2006-10-31 19:06:47.0 
> > > -0600
> > > +++ grub2-cvs/include/grub/types.h2006-10-31 19:06:58.0 
> > > -0600
> > > @@ -23,6 +23,8 @@
> > >  #include 
> > >  #include 
> > >  
> > > +#define __unused __attribute__ ((unused))
> > > +
> > 
> > First when I saw this it made me wanna comment on it, and tell you
> > that defines should all be in uppercase.  But then I poked through the
> > code, and saw the usage of it, and it looked quite nice, with the
> > exception of the __-prefix.  There are a lot of "common" words that
> > are keywords in C; inline, const and auto for example.  Maybe we
> > should make "unused" a reserved keyword in GRUB?  That would allow
> > us to write code like;
> 
> I left it as "__unused" for now, to match Linux's usage. (We can change
> it later if needed.)

We need another name, the __unused name is used in stat.h for an
unused member in struct stat. Grub-setup gives the following compiler
error:

gcc -Iutil/i386/pc -I/home/jeroen/cvs/grub2/util/i386/pc -I. -Iinclude 
-I/home/jeroen/cvs/grub2/include -Wall -W 
-DGRUB_LIBDIR=\"/usr/local/lib/grub/i386-pc\" -g -O2 -DGRUB_UTIL=1  -MD -c -o 
grub_setup-util_i386_pc_grub_setup.o 
/home/jeroen/cvs/grub2/util/i386/pc/grub-setup.c
In file included from /usr/include/sys/stat.h:105,
 from /home/jeroen/cvs/grub2/util/i386/pc/grub-setup.c:43:
/usr/include/bits/stat.h:103: error: expected identifier or ‘(’ before ‘[’ token
/usr/include/bits/stat.h:164: error: expected identifier or ‘(’ before ‘[’ token
make: *** [grub_setup-util_i386_pc_grub_setup.o] Error 1

Any ideas for a new name for the define? Something like "grub_unused"?

Jeroen Dekkers


___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel

Re: Stack protection via GCC's `-fstack-protector'

2006-11-08 Thread Samuel Thibault 
Hi,

Stefan Reinauer, le Wed 08 Nov 2006 23:36:44 +0100, a écrit :
> * Samuel Thibault <[EMAIL PROTECTED]> [061108 23:14]:
> > Thomas Schwinge, le Wed 08 Nov 2006 22:40:54 +0100, a écrit :
> > > then cat gnumach-undef-bad; exit 2; else true; fi
> > > stack_chk_fail
> > > 
> > > Is it feasible to have the `-fstack-protector' functionality in GNU Mach
> > > and GRUB2 (and how to do that, then) or shall we unconditionally pass
> > > `-fno-stack-protector' if available?
> > 
> > I'd say it shouldn't be very hard to provide a stack_chk_fail function,
> > even if all it does is just panic().
>  
> wont this add unnecessary bloat to the binary?

Just like to any binary of a distribution that would enable
-fstack-protector by default. That's not our concern, that's the
distribution's.

Samuel


___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel

Re: Stack protection via GCC's `-fstack-protector'

2006-11-08 Thread Stefan Reinauer 
Hi,

* Samuel Thibault <[EMAIL PROTECTED]> [061108 23:14]:
> Thomas Schwinge, le Wed 08 Nov 2006 22:40:54 +0100, a écrit :
> > then cat gnumach-undef-bad; exit 2; else true; fi
> > stack_chk_fail
> > 
> > Is it feasible to have the `-fstack-protector' functionality in GNU Mach
> > and GRUB2 (and how to do that, then) or shall we unconditionally pass
> > `-fno-stack-protector' if available?
> 
> I'd say it shouldn't be very hard to provide a stack_chk_fail function,
> even if all it does is just panic().
 
wont this add unnecessary bloat to the binary? No, not the function
calling panic. Or are we seriously concerned about buffer overflows 
in the bootloader?

S.

-- 
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
  Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: [EMAIL PROTECTED]  • http://www.coresystems.de/


___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel

Re: Stack protection via GCC's `-fstack-protector'

2006-11-08 Thread Thomas Schwinge 
Hello!

On Wed, Nov 08, 2006 at 11:14:19PM +0100, Samuel Thibault wrote:
> Thomas Schwinge, le Wed 08 Nov 2006 22:40:54 +0100, a ?crit :
> > Is it feasible to have the `-fstack-protector' functionality in GNU Mach
> > and GRUB2 (and how to do that, then) or shall we unconditionally pass
> > `-fno-stack-protector' if available?
> 
> I'd say it shouldn't be very hard to provide a stack_chk_fail function,
> even if all it does is just panic().

Having had a look at glibc's implementation and its complexity ;-) that
might indeed be a reachable goal (assuming that no other surprises show
up):

debug/stack_chk_fail.c
#v+
[Copyright header.]

#include 
#include 


extern char **__libc_argv attribute_hidden;

void
__attribute__ ((noreturn))
__stack_chk_fail (void)
{
  /* The loop is added only to keep gcc happy.  */
  while (1)
__libc_message (1, "*** stack smashing detected ***: %s terminated\n",
__libc_argv[0] ?: "");
}
#v-


I'll give it a try.


Regards,
 Thomas


signature.asc
Description: Digital signature
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel

Re: Stack protection via GCC's `-fstack-protector'

2006-11-08 Thread Samuel Thibault 
Hi,

Thomas Schwinge, le Wed 08 Nov 2006 22:40:54 +0100, a écrit :
> then cat gnumach-undef-bad; exit 2; else true; fi
> stack_chk_fail
> 
> Is it feasible to have the `-fstack-protector' functionality in GNU Mach
> and GRUB2 (and how to do that, then) or shall we unconditionally pass
> `-fno-stack-protector' if available?

I'd say it shouldn't be very hard to provide a stack_chk_fail function,
even if all it does is just panic().

Samuel


___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel

Stack protection via GCC's `-fstack-protector'

2006-11-08 Thread Thomas Schwinge 
[Please keep both  and  in the
recipients list.]


Hello!

For some time, GCC now offers the following feature:

info Gcc
#v+
`-fstack-protector'
 Emit extra code to check for buffer overflows, such as stack
 smashing attacks.  This is done by adding a guard variable to
 functions with vulnerable objects.  This includes functions that
 call alloca, and functions with buffers larger than 8 bytes.  The
 guards are initialized when a function is entered and then checked
 when the function exits.  If a guard check fails, an error message
 is printed and the program exits.
#v-

I now happen to be running a GCC 4.1 installation which has that one
enabled by default.  Unfortunately, building GNU Mach and GRUB2 (didn't
check GRUB legacy) is affected by that:

GRUB2
#v+
[...]
gcc -o kernel.exec kernel_img-kern_i386_pc_startup.o kernel_img-kern_main.o 
kernel_img-kern_device.o kernel_img-kern_disk.o kernel_img-kern_dl.o 
kernel_img-kern_file.o kernel_img-kern_fs.o kernel_img-kern_err.o 
kernel_img-kern_misc.o kernel_img-kern_mm.o kernel_img-kern_loader.o 
kernel_img-kern_rescue.o kernel_img-kern_term.o kernel_img-kern_i386_dl.o 
kernel_img-kern_i386_pc_init.o kernel_img-kern_parser.o 
kernel_img-kern_partition.o kernel_img-kern_env.o 
kernel_img-disk_i386_pc_biosdisk.o kernel_img-term_i386_pc_console.o 
kernel_img-symlist.o  -nostdlib -Wl,-N,-Ttext,8200 -fno-builtin -mrtd 
-mregparm=3 -m32
kernel_img-kern_device.o: In function `grub_device_iterate':
../kern/device.c:142: undefined reference to `__stack_chk_fail'
kernel_img-kern_disk.o: In function `grub_disk_write':
../kern/disk.c:553: undefined reference to `__stack_chk_fail'
kernel_img-kern_misc.o: In function `grub_vsprintf':
../kern/misc.c:897: undefined reference to `__stack_chk_fail'
kernel_img-kern_rescue.o: In function `grub_rescue_cmd_cat':
../kern/rescue.c:169: undefined reference to `__stack_chk_fail'
kernel_img-kern_i386_pc_init.o: In function `grub_machine_set_prefix':
../kern/i386/pc/init.c:239: undefined reference to `__stack_chk_fail'
kernel_img-kern_parser.o:../kern/parser.c:230: more undefined references to 
`__stack_chk_fail' follow
collect2: ld returned 1 exit status
make: *** [kernel.exec] Error 1
#v-

GNU Mach
#v+
[...]
ld -u _start -r -o gnumach.o --start-group  libkernel.a liblinux.a 
liblinux_pcmcia_cs_modules.a liblinux_pcmcia_cs_clients.a 
liblinux_pcmcia_cs_wireless.a 
nm -u gnumach.o | sed 's/  *U  *//;s/^_*//' | sort -u > gnumach-undef
sed '/^memcpy$/d; /^memmove$/d; /^memset$/d; /^bcopy$/d; /^bzero$/d; 
/^strchr$/d; /^strstr$/d; /^strsep$/d; /^strpbrk$/d; /^strtok$/d; /^htonl$/d; 
/^htons$/d; /^ntohl$/d; /^ntohs$/d; /^etext$/d; /^edata$/d; /^end$/d;' 
gnumach-undef > gnumach-undef-bad
if test -s gnumach-undef-bad; \
then cat gnumach-undef-bad; exit 2; else true; fi
stack_chk_fail
make[2]: *** [clib-routines.o] Error 2
make[2]: Leaving directory 
`/fs/data/mount/home/thomas/tmp/source/gnumach/gnumach-1-branch/build'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory 
`/fs/data/mount/home/thomas/tmp/source/gnumach/gnumach-1-branch/build'
make: *** [all] Error 2
#v-


Is it feasible to have the `-fstack-protector' functionality in GNU Mach
and GRUB2 (and how to do that, then) or shall we unconditionally pass
`-fno-stack-protector' if available?


Regards,
 Thomas


signature.asc
Description: Digital signature
___
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel